Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
aes_mbedtls.c
00001 /* 00002 * Copyright (c) 2006-2018, Arm Limited and affiliates. 00003 * SPDX-License-Identifier: Apache-2.0 00004 * 00005 * Licensed under the Apache License, Version 2.0 (the "License"); 00006 * you may not use this file except in compliance with the License. 00007 * You may obtain a copy of the License at 00008 * 00009 * http://www.apache.org/licenses/LICENSE-2.0 00010 * 00011 * Unless required by applicable law or agreed to in writing, software 00012 * distributed under the License is distributed on an "AS IS" BASIS, 00013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 00014 * See the License for the specific language governing permissions and 00015 * limitations under the License. 00016 */ 00017 00018 /* 00019 * FIPS-197 compliant AES implementation 00020 * 00021 * This file is derived from aes.c in mbed TLS 1.3.10, stripped down to 00022 * only support 128-bit encryption. 00023 * 00024 * Subsequently search-and-replaced to match later naming change. 00025 * 00026 * It is not intended to be used directly; it is conditionally included by 00027 * aes_common.c, so everything in the file is marked static. 00028 */ 00029 00030 #include <stdint.h> 00031 #include <string.h> 00032 00033 #define MBEDTLS_AES_ENCRYPT 1 00034 #define MBEDTLS_AES_DECRYPT 0 00035 00036 #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ 00037 #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ 00038 #define MBEDTLS_ERR_AES_UNSUPPORTED -0x0023 /**< Operation not supported . */ 00039 00040 /** 00041 * \brief AES context structure 00042 */ 00043 typedef struct { 00044 int nr; /*!< number of rounds */ 00045 uint32_t *rk; /*!< AES round keys */ 00046 uint32_t buf[44]; /*!< unaligned data */ 00047 } 00048 mbedtls_aes_context; 00049 00050 /* Implementation that should never be optimized out by the compiler */ 00051 static void mbedtls_zeroize(void *v, size_t n) 00052 { 00053 volatile unsigned char *p = v; 00054 while (n--) { 00055 *p++ = 0; 00056 } 00057 } 00058 00059 /* 00060 * 32-bit integer manipulation macros (little endian) 00061 */ 00062 #ifndef GET_UINT32_LE 00063 #define GET_UINT32_LE(n,b,i) \ 00064 { \ 00065 (n) = ( (uint32_t) (b)[(i) ] ) \ 00066 | ( (uint32_t) (b)[(i) + 1] << 8 ) \ 00067 | ( (uint32_t) (b)[(i) + 2] << 16 ) \ 00068 | ( (uint32_t) (b)[(i) + 3] << 24 ); \ 00069 } 00070 #endif 00071 00072 #ifndef PUT_UINT32_LE 00073 #define PUT_UINT32_LE(n,b,i) \ 00074 { \ 00075 (b)[(i) ] = (unsigned char) ( ( (n) ) & 0xFF ); \ 00076 (b)[(i) + 1] = (unsigned char) ( ( (n) >> 8 ) & 0xFF ); \ 00077 (b)[(i) + 2] = (unsigned char) ( ( (n) >> 16 ) & 0xFF ); \ 00078 (b)[(i) + 3] = (unsigned char) ( ( (n) >> 24 ) & 0xFF ); \ 00079 } 00080 #endif 00081 00082 /* 00083 * Forward S-box 00084 */ 00085 static const unsigned char FSb[256] = { 00086 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 00087 0x30, 0x01, 0x67, 0x2B, 0xFE, 0xD7, 0xAB, 0x76, 00088 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, 00089 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 00090 0xB7, 0xFD, 0x93, 0x26, 0x36, 0x3F, 0xF7, 0xCC, 00091 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, 00092 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 00093 0x07, 0x12, 0x80, 0xE2, 0xEB, 0x27, 0xB2, 0x75, 00094 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, 00095 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 00096 0x53, 0xD1, 0x00, 0xED, 0x20, 0xFC, 0xB1, 0x5B, 00097 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, 00098 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 00099 0x45, 0xF9, 0x02, 0x7F, 0x50, 0x3C, 0x9F, 0xA8, 00100 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, 00101 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 00102 0xCD, 0x0C, 0x13, 0xEC, 0x5F, 0x97, 0x44, 0x17, 00103 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, 00104 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 00105 0x46, 0xEE, 0xB8, 0x14, 0xDE, 0x5E, 0x0B, 0xDB, 00106 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, 00107 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 00108 0xE7, 0xC8, 0x37, 0x6D, 0x8D, 0xD5, 0x4E, 0xA9, 00109 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, 00110 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 00111 0xE8, 0xDD, 0x74, 0x1F, 0x4B, 0xBD, 0x8B, 0x8A, 00112 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, 00113 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 00114 0xE1, 0xF8, 0x98, 0x11, 0x69, 0xD9, 0x8E, 0x94, 00115 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, 00116 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 00117 0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16 00118 }; 00119 00120 /* 00121 * Forward tables 00122 */ 00123 #define FT \ 00124 \ 00125 V(A5,63,63,C6), V(84,7C,7C,F8), V(99,77,77,EE), V(8D,7B,7B,F6), \ 00126 V(0D,F2,F2,FF), V(BD,6B,6B,D6), V(B1,6F,6F,DE), V(54,C5,C5,91), \ 00127 V(50,30,30,60), V(03,01,01,02), V(A9,67,67,CE), V(7D,2B,2B,56), \ 00128 V(19,FE,FE,E7), V(62,D7,D7,B5), V(E6,AB,AB,4D), V(9A,76,76,EC), \ 00129 V(45,CA,CA,8F), V(9D,82,82,1F), V(40,C9,C9,89), V(87,7D,7D,FA), \ 00130 V(15,FA,FA,EF), V(EB,59,59,B2), V(C9,47,47,8E), V(0B,F0,F0,FB), \ 00131 V(EC,AD,AD,41), V(67,D4,D4,B3), V(FD,A2,A2,5F), V(EA,AF,AF,45), \ 00132 V(BF,9C,9C,23), V(F7,A4,A4,53), V(96,72,72,E4), V(5B,C0,C0,9B), \ 00133 V(C2,B7,B7,75), V(1C,FD,FD,E1), V(AE,93,93,3D), V(6A,26,26,4C), \ 00134 V(5A,36,36,6C), V(41,3F,3F,7E), V(02,F7,F7,F5), V(4F,CC,CC,83), \ 00135 V(5C,34,34,68), V(F4,A5,A5,51), V(34,E5,E5,D1), V(08,F1,F1,F9), \ 00136 V(93,71,71,E2), V(73,D8,D8,AB), V(53,31,31,62), V(3F,15,15,2A), \ 00137 V(0C,04,04,08), V(52,C7,C7,95), V(65,23,23,46), V(5E,C3,C3,9D), \ 00138 V(28,18,18,30), V(A1,96,96,37), V(0F,05,05,0A), V(B5,9A,9A,2F), \ 00139 V(09,07,07,0E), V(36,12,12,24), V(9B,80,80,1B), V(3D,E2,E2,DF), \ 00140 V(26,EB,EB,CD), V(69,27,27,4E), V(CD,B2,B2,7F), V(9F,75,75,EA), \ 00141 V(1B,09,09,12), V(9E,83,83,1D), V(74,2C,2C,58), V(2E,1A,1A,34), \ 00142 V(2D,1B,1B,36), V(B2,6E,6E,DC), V(EE,5A,5A,B4), V(FB,A0,A0,5B), \ 00143 V(F6,52,52,A4), V(4D,3B,3B,76), V(61,D6,D6,B7), V(CE,B3,B3,7D), \ 00144 V(7B,29,29,52), V(3E,E3,E3,DD), V(71,2F,2F,5E), V(97,84,84,13), \ 00145 V(F5,53,53,A6), V(68,D1,D1,B9), V(00,00,00,00), V(2C,ED,ED,C1), \ 00146 V(60,20,20,40), V(1F,FC,FC,E3), V(C8,B1,B1,79), V(ED,5B,5B,B6), \ 00147 V(BE,6A,6A,D4), V(46,CB,CB,8D), V(D9,BE,BE,67), V(4B,39,39,72), \ 00148 V(DE,4A,4A,94), V(D4,4C,4C,98), V(E8,58,58,B0), V(4A,CF,CF,85), \ 00149 V(6B,D0,D0,BB), V(2A,EF,EF,C5), V(E5,AA,AA,4F), V(16,FB,FB,ED), \ 00150 V(C5,43,43,86), V(D7,4D,4D,9A), V(55,33,33,66), V(94,85,85,11), \ 00151 V(CF,45,45,8A), V(10,F9,F9,E9), V(06,02,02,04), V(81,7F,7F,FE), \ 00152 V(F0,50,50,A0), V(44,3C,3C,78), V(BA,9F,9F,25), V(E3,A8,A8,4B), \ 00153 V(F3,51,51,A2), V(FE,A3,A3,5D), V(C0,40,40,80), V(8A,8F,8F,05), \ 00154 V(AD,92,92,3F), V(BC,9D,9D,21), V(48,38,38,70), V(04,F5,F5,F1), \ 00155 V(DF,BC,BC,63), V(C1,B6,B6,77), V(75,DA,DA,AF), V(63,21,21,42), \ 00156 V(30,10,10,20), V(1A,FF,FF,E5), V(0E,F3,F3,FD), V(6D,D2,D2,BF), \ 00157 V(4C,CD,CD,81), V(14,0C,0C,18), V(35,13,13,26), V(2F,EC,EC,C3), \ 00158 V(E1,5F,5F,BE), V(A2,97,97,35), V(CC,44,44,88), V(39,17,17,2E), \ 00159 V(57,C4,C4,93), V(F2,A7,A7,55), V(82,7E,7E,FC), V(47,3D,3D,7A), \ 00160 V(AC,64,64,C8), V(E7,5D,5D,BA), V(2B,19,19,32), V(95,73,73,E6), \ 00161 V(A0,60,60,C0), V(98,81,81,19), V(D1,4F,4F,9E), V(7F,DC,DC,A3), \ 00162 V(66,22,22,44), V(7E,2A,2A,54), V(AB,90,90,3B), V(83,88,88,0B), \ 00163 V(CA,46,46,8C), V(29,EE,EE,C7), V(D3,B8,B8,6B), V(3C,14,14,28), \ 00164 V(79,DE,DE,A7), V(E2,5E,5E,BC), V(1D,0B,0B,16), V(76,DB,DB,AD), \ 00165 V(3B,E0,E0,DB), V(56,32,32,64), V(4E,3A,3A,74), V(1E,0A,0A,14), \ 00166 V(DB,49,49,92), V(0A,06,06,0C), V(6C,24,24,48), V(E4,5C,5C,B8), \ 00167 V(5D,C2,C2,9F), V(6E,D3,D3,BD), V(EF,AC,AC,43), V(A6,62,62,C4), \ 00168 V(A8,91,91,39), V(A4,95,95,31), V(37,E4,E4,D3), V(8B,79,79,F2), \ 00169 V(32,E7,E7,D5), V(43,C8,C8,8B), V(59,37,37,6E), V(B7,6D,6D,DA), \ 00170 V(8C,8D,8D,01), V(64,D5,D5,B1), V(D2,4E,4E,9C), V(E0,A9,A9,49), \ 00171 V(B4,6C,6C,D8), V(FA,56,56,AC), V(07,F4,F4,F3), V(25,EA,EA,CF), \ 00172 V(AF,65,65,CA), V(8E,7A,7A,F4), V(E9,AE,AE,47), V(18,08,08,10), \ 00173 V(D5,BA,BA,6F), V(88,78,78,F0), V(6F,25,25,4A), V(72,2E,2E,5C), \ 00174 V(24,1C,1C,38), V(F1,A6,A6,57), V(C7,B4,B4,73), V(51,C6,C6,97), \ 00175 V(23,E8,E8,CB), V(7C,DD,DD,A1), V(9C,74,74,E8), V(21,1F,1F,3E), \ 00176 V(DD,4B,4B,96), V(DC,BD,BD,61), V(86,8B,8B,0D), V(85,8A,8A,0F), \ 00177 V(90,70,70,E0), V(42,3E,3E,7C), V(C4,B5,B5,71), V(AA,66,66,CC), \ 00178 V(D8,48,48,90), V(05,03,03,06), V(01,F6,F6,F7), V(12,0E,0E,1C), \ 00179 V(A3,61,61,C2), V(5F,35,35,6A), V(F9,57,57,AE), V(D0,B9,B9,69), \ 00180 V(91,86,86,17), V(58,C1,C1,99), V(27,1D,1D,3A), V(B9,9E,9E,27), \ 00181 V(38,E1,E1,D9), V(13,F8,F8,EB), V(B3,98,98,2B), V(33,11,11,22), \ 00182 V(BB,69,69,D2), V(70,D9,D9,A9), V(89,8E,8E,07), V(A7,94,94,33), \ 00183 V(B6,9B,9B,2D), V(22,1E,1E,3C), V(92,87,87,15), V(20,E9,E9,C9), \ 00184 V(49,CE,CE,87), V(FF,55,55,AA), V(78,28,28,50), V(7A,DF,DF,A5), \ 00185 V(8F,8C,8C,03), V(F8,A1,A1,59), V(80,89,89,09), V(17,0D,0D,1A), \ 00186 V(DA,BF,BF,65), V(31,E6,E6,D7), V(C6,42,42,84), V(B8,68,68,D0), \ 00187 V(C3,41,41,82), V(B0,99,99,29), V(77,2D,2D,5A), V(11,0F,0F,1E), \ 00188 V(CB,B0,B0,7B), V(FC,54,54,A8), V(D6,BB,BB,6D), V(3A,16,16,2C) 00189 00190 #define V(a,b,c,d) 0x##a##b##c##d 00191 static const uint32_t FT0[256] = { FT }; 00192 #undef V 00193 00194 #define V(a,b,c,d) 0x##b##c##d##a 00195 static const uint32_t FT1[256] = { FT }; 00196 #undef V 00197 00198 #define V(a,b,c,d) 0x##c##d##a##b 00199 static const uint32_t FT2[256] = { FT }; 00200 #undef V 00201 00202 #define V(a,b,c,d) 0x##d##a##b##c 00203 static const uint32_t FT3[256] = { FT }; 00204 #undef V 00205 00206 #undef FT 00207 00208 00209 /* 00210 * Round constants 00211 */ 00212 static const uint32_t RCON[10] = { 00213 0x00000001, 0x00000002, 0x00000004, 0x00000008, 00214 0x00000010, 0x00000020, 0x00000040, 0x00000080, 00215 0x0000001B, 0x00000036 00216 }; 00217 00218 00219 static void mbedtls_aes_init(mbedtls_aes_context *ctx) 00220 { 00221 memset(ctx, 0, sizeof(mbedtls_aes_context)); 00222 } 00223 00224 static void mbedtls_aes_free(mbedtls_aes_context *ctx) 00225 { 00226 if (ctx == NULL) { 00227 return; 00228 } 00229 00230 mbedtls_zeroize(ctx, sizeof(mbedtls_aes_context)); 00231 } 00232 00233 /* 00234 * AES key schedule (encryption) 00235 */ 00236 static int mbedtls_aes_setkey_enc(mbedtls_aes_context *ctx, const unsigned char *key, 00237 unsigned int keysize) 00238 { 00239 unsigned int i; 00240 uint32_t *RK; 00241 00242 switch (keysize) { 00243 case 128: 00244 ctx->nr = 10; 00245 break; 00246 default : 00247 return (MBEDTLS_ERR_AES_INVALID_KEY_LENGTH); 00248 } 00249 00250 ctx->rk = RK = ctx->buf ; 00251 00252 for (i = 0; i < (keysize >> 5); i++) { 00253 GET_UINT32_LE(RK[i], key, i << 2); 00254 } 00255 00256 switch (ctx->nr ) { 00257 case 10: 00258 00259 for (i = 0; i < 10; i++, RK += 4) { 00260 RK[4] = RK[0] ^ RCON[i] ^ 00261 ((uint32_t) FSb[(RK[3] >> 8) & 0xFF ]) ^ 00262 ((uint32_t) FSb[(RK[3] >> 16) & 0xFF ] << 8) ^ 00263 ((uint32_t) FSb[(RK[3] >> 24) & 0xFF ] << 16) ^ 00264 ((uint32_t) FSb[(RK[3]) & 0xFF ] << 24); 00265 00266 RK[5] = RK[1] ^ RK[4]; 00267 RK[6] = RK[2] ^ RK[5]; 00268 RK[7] = RK[3] ^ RK[6]; 00269 } 00270 break; 00271 } 00272 00273 return (0); 00274 } 00275 00276 00277 #define AES_FROUND(X0,X1,X2,X3,Y0,Y1,Y2,Y3) \ 00278 { \ 00279 X0 = *RK++ ^ FT0[ ( Y0 ) & 0xFF ] ^ \ 00280 FT1[ ( Y1 >> 8 ) & 0xFF ] ^ \ 00281 FT2[ ( Y2 >> 16 ) & 0xFF ] ^ \ 00282 FT3[ ( Y3 >> 24 ) & 0xFF ]; \ 00283 \ 00284 X1 = *RK++ ^ FT0[ ( Y1 ) & 0xFF ] ^ \ 00285 FT1[ ( Y2 >> 8 ) & 0xFF ] ^ \ 00286 FT2[ ( Y3 >> 16 ) & 0xFF ] ^ \ 00287 FT3[ ( Y0 >> 24 ) & 0xFF ]; \ 00288 \ 00289 X2 = *RK++ ^ FT0[ ( Y2 ) & 0xFF ] ^ \ 00290 FT1[ ( Y3 >> 8 ) & 0xFF ] ^ \ 00291 FT2[ ( Y0 >> 16 ) & 0xFF ] ^ \ 00292 FT3[ ( Y1 >> 24 ) & 0xFF ]; \ 00293 \ 00294 X3 = *RK++ ^ FT0[ ( Y3 ) & 0xFF ] ^ \ 00295 FT1[ ( Y0 >> 8 ) & 0xFF ] ^ \ 00296 FT2[ ( Y1 >> 16 ) & 0xFF ] ^ \ 00297 FT3[ ( Y2 >> 24 ) & 0xFF ]; \ 00298 } 00299 00300 /* 00301 * AES-ECB block encryption/decryption 00302 */ 00303 static int mbedtls_aes_crypt_ecb(mbedtls_aes_context *ctx, 00304 int mode, 00305 const unsigned char input[16], 00306 unsigned char output[16]) 00307 { 00308 int i; 00309 uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3; 00310 00311 RK = ctx->rk ; 00312 00313 GET_UINT32_LE(X0, input, 0); 00314 X0 ^= *RK++; 00315 GET_UINT32_LE(X1, input, 4); 00316 X1 ^= *RK++; 00317 GET_UINT32_LE(X2, input, 8); 00318 X2 ^= *RK++; 00319 GET_UINT32_LE(X3, input, 12); 00320 X3 ^= *RK++; 00321 00322 if (mode == MBEDTLS_AES_DECRYPT) { 00323 return (MBEDTLS_ERR_AES_UNSUPPORTED); 00324 } else { /* MBEDTLS_AES_ENCRYPT */ 00325 for (i = (ctx->nr >> 1) - 1; i > 0; i--) { 00326 AES_FROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3); 00327 AES_FROUND(X0, X1, X2, X3, Y0, Y1, Y2, Y3); 00328 } 00329 00330 AES_FROUND(Y0, Y1, Y2, Y3, X0, X1, X2, X3); 00331 00332 X0 = *RK++ ^ \ 00333 ((uint32_t) FSb[(Y0) & 0xFF ]) ^ 00334 ((uint32_t) FSb[(Y1 >> 8) & 0xFF ] << 8) ^ 00335 ((uint32_t) FSb[(Y2 >> 16) & 0xFF ] << 16) ^ 00336 ((uint32_t) FSb[(Y3 >> 24) & 0xFF ] << 24); 00337 00338 X1 = *RK++ ^ \ 00339 ((uint32_t) FSb[(Y1) & 0xFF ]) ^ 00340 ((uint32_t) FSb[(Y2 >> 8) & 0xFF ] << 8) ^ 00341 ((uint32_t) FSb[(Y3 >> 16) & 0xFF ] << 16) ^ 00342 ((uint32_t) FSb[(Y0 >> 24) & 0xFF ] << 24); 00343 00344 X2 = *RK++ ^ \ 00345 ((uint32_t) FSb[(Y2) & 0xFF ]) ^ 00346 ((uint32_t) FSb[(Y3 >> 8) & 0xFF ] << 8) ^ 00347 ((uint32_t) FSb[(Y0 >> 16) & 0xFF ] << 16) ^ 00348 ((uint32_t) FSb[(Y1 >> 24) & 0xFF ] << 24); 00349 00350 X3 = *RK++ ^ \ 00351 ((uint32_t) FSb[(Y3) & 0xFF ]) ^ 00352 ((uint32_t) FSb[(Y0 >> 8) & 0xFF ] << 8) ^ 00353 ((uint32_t) FSb[(Y1 >> 16) & 0xFF ] << 16) ^ 00354 ((uint32_t) FSb[(Y2 >> 24) & 0xFF ] << 24); 00355 } 00356 00357 PUT_UINT32_LE(X0, output, 0); 00358 PUT_UINT32_LE(X1, output, 4); 00359 PUT_UINT32_LE(X2, output, 8); 00360 PUT_UINT32_LE(X3, output, 12); 00361 00362 return (0); 00363 }
Generated on Tue Jul 12 2022 13:54:00 by
1.7.2